jumpserver/apps/authentication/backends/radius.py

# -*- coding: utf-8 -*-
#
import traceback

from django.contrib.auth import get_user_model
from radiusauth.backends import RADIUSBackend, RADIUSRealmBackend
from django.conf import settings


User = get_user_model()


class CreateUserMixin:
    def get_django_user(self, username, password=None, *args, **kwargs):
        if isinstance(username, bytes):
            username = username.decode()
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            if '@' in username:
                email = username
            else:
                email_suffix = settings.EMAIL_SUFFIX
                email = '{}@{}'.format(username, email_suffix)
            user = User(username=username, name=username, email=email)
            user.source = user.Source.radius.value
            user.save()
        return user

    def _perform_radius_auth(self, client, packet):
        # TODO: 等待官方库修复这个BUG
        try:
            return super()._perform_radius_auth(client, packet)
        except UnicodeError as e:
            import sys
            tb = ''.join(traceback.format_exception(*sys.exc_info(), limit=2, chain=False))
            if tb.find("cl.decode") != -1:
                return [], False, False
            return None


class RadiusBackend(CreateUserMixin, RADIUSBackend):
    def authenticate(self, request, username='', password='', **kwargs):
        return super().authenticate(request, username=username, password=password)


class RadiusRealmBackend(CreateUserMixin, RADIUSRealmBackend):
    def authenticate(self, request, username='', password='', realm=None, **kwargs):
        return super().authenticate(request, username=username, password=password, realm=realm)
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00			`# -- coding: utf-8 --`
			`#`
fix(auth): 修复radius decode error的问题 2020-07-31 11:40:27 +00:00			`import traceback`
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00
feat: 添加限制用户只能从source登录的功能 (#5592) * stash it * feat: 添加限制用户只能从source登录的功能 * fix: 修复小错误 Co-authored-by: ibuler <ibuler@qq.com> 2021-02-26 09:33:11 +00:00			`from django.contrib.auth import get_user_model`
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00			`from radiusauth.backends import RADIUSBackend, RADIUSRealmBackend`
			`from django.conf import settings`

[Update] 修改radius MFA 2019-11-11 12:10:49 +00:00
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00			`User = get_user_model()`


			`class CreateUserMixin:`
fix(radius): 修复radius认证失败问题 (#4342) * fix(radius): 修复radius认证失败问题，添加get_django_user方法参数（django-radius==1.4.0 中添加了额外参数） * fix(radius): 修复radius认证失败问题，重写authenticate方法（django-radius 不接受public_key参数) 2020-07-16 09:07:40 +00:00			`def get_django_user(self, username, password=None, args, *kwargs):`
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00			`if isinstance(username, bytes):`
			`username = username.decode()`
			`try:`
			`user = User.objects.get(username=username)`
			`except User.DoesNotExist:`
			`if '@' in username:`
			`email = username`
			`else:`
			`email_suffix = settings.EMAIL_SUFFIX`
			`email = '{}@{}'.format(username, email_suffix)`
			`user = User(username=username, name=username, email=email)`
feat(login): 登录日志要体现用哪个backend登录的 #4472 (#5199) Co-authored-by: xinwen <coderWen@126.com> 2020-12-09 10:43:13 +00:00			`user.source = user.Source.radius.value`
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00			`user.save()`
			`return user`

fix(auth): 修复radius decode error的问题 2020-07-31 11:40:27 +00:00			`def _perform_radius_auth(self, client, packet):`
			`# TODO: 等待官方库修复这个BUG`
			`try:`
			`return super()._perform_radius_auth(client, packet)`
			`except UnicodeError as e:`
			`import sys`
			`tb = ''.join(traceback.format_exception(*sys.exc_info(), limit=2, chain=False))`
			`if tb.find("cl.decode") != -1:`
			`return [], False, False`
			`return None`

[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00
			`class RadiusBackend(CreateUserMixin, RADIUSBackend):`
fix: 再次修复 2020-09-16 03:05:52 +00:00			`def authenticate(self, request, username='', password='', **kwargs):`
fix(authentication): 修复同时开启radius, openid引起的问题 2020-09-16 02:52:50 +00:00			`return super().authenticate(request, username=username, password=password)`
[Update] 支持radius认证 (#2323) * [Update] 支持radius认证 * [Update] 支持radius * [Update] 增加requirements * [Update] 修改copyright * [Update] 修改migrations 2019-01-07 11:20:39 +00:00

			`class RadiusRealmBackend(CreateUserMixin, RADIUSRealmBackend):`
fix: 再次修复 2020-09-16 03:05:52 +00:00			`def authenticate(self, request, username='', password='', realm=None, **kwargs):`
fix(authentication): 修复同时开启radius, openid引起的问题 2020-09-16 02:52:50 +00:00			`return super().authenticate(request, username=username, password=password, realm=realm)`